Monero developers have disclosed nearly a dozen flaws including a critical bug that may have left crypto exchanges open to XMR theft.

Monero developers have revealed nine security flaws, and one of them can be exploited to steal XMR from cryptocurrency exchanges.

Two critical Monero bugs discovered

“By mining a specially crafted block that still passes daemon verification, an attacker can create a miner transaction that appears to the wallet to include sum of XMR picked by the attacker. It is our belief that this can be exploited to steal money from exchanges,” a developer with the pseudonym “cutcoin” stated in the HackerOne report.

The developers have also discovered five DoS attack vectors, and they labeled one of them as a critical issue.

Another security flaw was discovered concerning CryptoNote, an application layer used in the Monero ecosystem to increase the privacy of the transactions.

If hackers managed to exploit this bug, they would be able to take Monero nodes down by maliciously requesting large amounts of blockchain data from the cryptocurrency’s network.

“If you have quite a big blockchain (with long history like Monero […]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks. Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumption, which is typical of Linux systems,” the vulnerability’s discoverer, Andrey Sabelnikov, told Hard Fork.

According to Sabelnikov, other crypto projects that use CryptoNote could be affected by the security flaw.
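One way a node can bound the cost of such a request, as an added example that is not Monero's or CryptoNote's actual fix: the handler below caps each block response by count and by bytes, regardless of how many blocks the peer asked for. All names and limits (`build_block_response`, `kMaxBlocksPerResponse`, `kMaxResponseBytes`) are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical limits for this example; not values taken from Monero.
constexpr std::size_t kMaxBlocksPerResponse = 100;
constexpr std::size_t kMaxResponseBytes = 1 << 20;  // 1 MiB

struct BlockResponse {
    std::vector<std::string> blocks;  // serialized blocks actually served
    std::size_t bytes = 0;            // total payload size
    std::uint64_t next_height = 0;    // height the peer should request next
    bool truncated = false;           // true if a limit cut the response short
};

// Serve blocks [start, start + count) from `chain`, stopping at the block-count
// cap or the byte budget, so cost is bounded by the node, not by the peer.
BlockResponse build_block_response(const std::vector<std::string>& chain,
                                   std::uint64_t start, std::uint64_t count) {
    BlockResponse resp;
    resp.next_height = start;
    if (start >= chain.size()) return resp;  // nothing to serve
    // Clamp by subtraction so an attacker-chosen start + count cannot overflow.
    const std::uint64_t available = chain.size() - start;
    const std::uint64_t wanted = count < available ? count : available;
    for (std::uint64_t i = 0; i < wanted; ++i) {
        const std::string& blk = chain[start + i];
        // The first block is always served so an honest peer makes progress.
        const bool over_bytes = !resp.blocks.empty() &&
                                resp.bytes + blk.size() > kMaxResponseBytes;
        if (resp.blocks.size() >= kMaxBlocksPerResponse || over_bytes) {
            resp.truncated = true;
            break;
        }
        resp.blocks.push_back(blk);
        resp.bytes += blk.size();
        resp.next_height = start + i + 1;
    }
    return resp;
}

int main() {
    // Constructed sample chain: 500 blocks of 1000 bytes each.
    std::vector<std::string> chain(500, std::string(1000, 'x'));
    BlockResponse r = build_block_response(chain, 0, UINT64_MAX);
    std::cout << r.blocks.size() << " blocks, resume at " << r.next_height << "\n";
}
```

A peer that wants the whole chain has to page through it with repeated requests starting at `next_height`, which also gives the node a natural point to apply per-peer rate limiting.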

Another issue the developers found is the leaking of uninitialized memory. According to the report, uninitialized memory is never literally uninitialized: it still holds whatever was previously stored there, so it can contain sensitive data, such as cryptographic and private information.

Flaws were not exploited

The developers reported the majority of the flaws approximately four months ago with eight vulnerabilities being patched in the meantime and the ninth one remaining undisclosed.

While two of the nine flaws were labeled as critical by the developers, it should be noted that these are all “proof of concepts” and there’s no sign that anyone has managed to exploit the bugs.

Last year, CCN reported that Monero developers had successfully patched a bug in September that could have put both cryptocurrency exchanges and merchants at risk.

By sending a series of payments to a single stealth address belonging to a cryptocurrency exchange or merchant and exploiting a bug in the Monero wallet software, hackers would have been able to “burn” cryptocurrency exchange deposits.

However, this issue was also a “proof of concept” and never had any real consequences.
